Quick Start
1. Install the SDK
Section titled “1. Install the SDK”npm install @runplex/sylo2. Get your developer secret
Section titled “2. Get your developer secret”- Sign in to your Sylo dashboard
- Go to Settings
- Click Create secret
- Copy the
sylo_sk_...key — you won’t see it again
3. Set up your sandbox template
Section titled “3. Set up your sandbox template”Install the Sylo tunnel client at build time:
curl -fsSL https://sylo.runplex.dev/install | sudo bashThis downloads the tunnel client binary and init script. At runtime, init.sh activates the proxy.
4. Create a session and launch
Section titled “4. Create a session and launch”import { SyloClient } from "@runplex/sylo";import { Sandbox } from "e2b";
const sylo = new SyloClient({ apiUrl: "https://sylo.runplex.dev", developerSecret: process.env.SYLO_SECRET,});
// Create session — credentials are encrypted, never enter the sandboxconst session = await sylo.createSandboxToken({ tenantId: "customer-123", expiresIn: "10m", credentials: [ { name: "openai", envVar: "OPENAI_API_KEY", domain: "api.openai.com", header: "Authorization", value: `Bearer ${process.env.OPENAI_API_KEY}`, }, ], mitm: ["api.openai.com"], policies: { default: "allow" },});
// sandboxEnv() returns all env vars including OPENAI_API_KEY=sylo_cred:openaiconst env = sylo.sandboxEnv(session);
const sandbox = await Sandbox.create("your-template", { envs: { ...env },});5. The agent runs normally
Section titled “5. The agent runs normally”Inside the sandbox, the proxy is active. API calls go through Sylo transparently:
# Agent code — no Sylo awareness neededimport openai
# OPENAI_API_KEY=sylo_cred:openai in the env# Sylo replaces it with the real key on the wireclient = openai.OpenAI()response = client.chat.completions.create( model="gpt-4", messages=[{"role": "user", "content": "Hello"}],)6. Query the audit log
Section titled “6. Query the audit log”const { events } = await sylo.queryAudit({ tenantId: "customer-123",});
for (const event of events) { console.log( `${event.method} ${event.destination}${event.path} → ${event.policyDecision}` );}// POST api.openai.com/v1/chat/completions → allow (cred: openai)7. Revoke the session
Section titled “7. Revoke the session”await sylo.revokeSession(session.token);Sessions auto-expire based on expiresIn, but you can revoke early when the agent is done.
Next steps
Section titled “Next steps”- Credential Injection — named credentials, multiple per domain
- Policy Enforcement — allow/deny rules, rate limiting
- Proxy Modes — tunnel vs proxy mode
- Self-Hosting — deploy on your own infrastructure